FAQ: Why Can’t Some DNS Records Be Proxied?
Why can’t I enable proxying (Cloudflare) for certain DNS records like MX, TXT, or NS?
Not all record types support proxying. Records such as MX, TXT, and NS must remain DNS-only (grey cloud), as proxying these can break email or service delivery.
Explanation:
Some DNS record types are designed specifically for essential routing and identification purposes across the internet. Proxying these records (via services like Cloudflare) would interfere with how they function. Here’s why:
- MX (Mail Exchanger): These records direct email traffic. Proxying them hides the actual mail server, making email undeliverable.
- TXT (Text Records): These are often used for domain verification, SPF, DKIM, or DMARC policies. Proxying them may obscure the values that validation depends on.
- NS (Name Server): NS records define your DNS hosting. These must be directly visible to the internet for delegation to work properly.
Best Practice:
Always leave MX, TXT, and NS records in DNS-only mode (grey cloud) to ensure proper service and email functionality.
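The rule above can be enforced as a pre-deployment check. The following is an added example, not part of the original FAQ or any provider's tooling: it audits an exported record list and reports every MX, TXT, or NS record marked as proxied. The `type`/`name`/`content`/`proxied` export layout, the sample records, and the function names are assumptions made for illustration.

```python
import json

# Record types the FAQ says must stay DNS-only, with the reason it gives.
DNS_ONLY_TYPES = {
    "MX": "mail servers must be directly reachable for email delivery",
    "TXT": "verification, SPF, DKIM and DMARC values must be readable as published",
    "NS": "name servers must be directly visible for delegation",
}

# Constructed sample export; the field layout is an assumption and the
# values are illustrative only (documentation addresses and domains).
SAMPLE_ZONE = json.dumps([
    {"type": "A", "name": "www.example.com", "content": "192.0.2.10", "proxied": True},
    {"type": "MX", "name": "example.com", "content": "mail.example.com", "proxied": True},
    {"type": "txt", "name": "example.com", "content": "v=spf1 -all", "proxied": False},
    {"type": "TXT", "name": "_dmarc.example.com", "content": "v=DMARC1; p=reject", "proxied": "true"},
    {"type": "NS", "name": "sub.example.com", "content": "ns1.example.net"},
])


def is_proxied(value):
    """Interpret the proxied flag; hand-edited exports often use strings."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() in ("true", "yes", "1", "on")
    return False  # a missing flag is treated as DNS-only (assumption)


def audit_zone(zone_json):
    """Return one finding per MX/TXT/NS record that is marked as proxied."""
    findings = []
    for index, record in enumerate(json.loads(zone_json)):
        rtype = str(record.get("type", "")).upper()  # tolerate lowercase types
        if rtype in DNS_ONLY_TYPES and is_proxied(record.get("proxied")):
            findings.append({
                "index": index,
                "type": rtype,
                "name": record.get("name", ""),
                "reason": DNS_ONLY_TYPES[rtype],
            })
    return findings


if __name__ == "__main__":
    problems = audit_zone(SAMPLE_ZONE)
    for p in problems:
        print(f"record {p['index']}: {p['type']} {p['name']} is proxied; {p['reason']}")
    raise SystemExit(1 if problems else 0)  # non-zero exit fails a CI step
```
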